On Thu, Aug 30, 2007 at 08:23:18AM +0200, martin f krafft wrote:
> also sprach Jaldhar H. Vyas <[EMAIL PROTECTED]> [2007.08.30.0732 +0200]:
> > if [ ${#SSL_CERT[*]} -eq 1 -a ${#SSL_KEY[*]} -eq 1 ]; then
> 
> That's a bashism * 2: [*] as well as -a
> 
> I suggest something like this instead:
> 
> ## SSL Certs
> # Certs and key file
> SSL_CERT="$(sed -ne 's,^[[:space:]]*ssl_cert_file[[:space:]]*=[[:space:]]*,,p')"
> [ -z "$SSL_CERT" ] && SSL_CERT=/etc/ssl/certs/dovecot.pem
> SSL_KEY="$(sed -ne 's,^[[:space:]]*ssl_key_file[[:space:]]*=[[:space:]]*,,p')"
> [ -z "$SSL_KEY" ] && SSL_KEY=/etc/ssl/private/dovecot.pem
> 
> ## Generate new certs if needed but only if exactly one key is configured
> # test whether SSL_* contains a space, and only proceed if this is
> # not the case
> if [ "$SSL_CERT" = "${SSL_CERT#* }" ] && [ "$SSL_KEY" = "${SSL_KEY#* }" ]; then
>   # both files present: nothing to generate
>   if [ -e "$SSL_CERT" ] && [ -e "$SSL_KEY" ]; then
>     echo certs exist
>   else
>     echo making certs
>   fi
> else
>   echo complex config
> fi

I'm not sure of the necessity to check for anything but the default 
locations. The only downside I can see is that the dovecot.pem files
will get regenerated in their default locations if they were deleted
between version updates. (not sure about reconfigure - you could test
the validity of the key maybe and recreate if it's no longer valid)

A dovecot installation will be one of:
  1. default config without ssl files (new install)
  2. default config with ssl files (update)
  3. non-standard config (update)

The only time the ssl stuff needs generating is for a new install (1),
in which case the certs and keys won't exist. In all other cases, these
files can safely be left alone if they exist. I'd do:

SSL_CERT=/etc/ssl/certs/dovecot.pem
SSL_KEY=/etc/ssl/private/dovecot.pem

## Generate new certs if needed
# both files present: leave them alone; otherwise generate
if [ -e "$SSL_CERT" ] && [ -e "$SSL_KEY" ]; then
  echo certs exist
else
  echo making certs
fi

Anything else assumes you might want keys created in non-standard places
which I think is probably not the case - you'd almost certainly have
created/copied them there manually.

Cheers

John
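
The config-aware check from the quoted mail, written out in POSIX sh as an added example (not code from this thread or from the dovecot package). The function names, the ROOT prefix argument and the sample config file are assumptions made so the check can run against a scratch directory.

```shell
#!/bin/sh
# Added example, POSIX sh only (no arrays, no "[ a -a b ]").
DEFAULT_CERT=/etc/ssl/certs/dovecot.pem
DEFAULT_KEY=/etc/ssl/private/dovecot.pem
NL='
'

# conf_value FILE KEY: print the value of every "KEY = value" line in FILE.
conf_value() {
    sed -ne "s,^[[:space:]]*${2}[[:space:]]*=[[:space:]]*,,p" "$1"
}

# cert_action CONF [ROOT] prints generate, keep or complex.
# ROOT is a hypothetical path prefix so the check can run on a scratch tree.
cert_action() {
    cert=$(conf_value "$1" ssl_cert_file)
    key=$(conf_value "$1" ssl_key_file)
    [ -z "$cert" ] && cert=$DEFAULT_CERT
    [ -z "$key" ] && key=$DEFAULT_KEY
    # A space or newline in either value means more than one entry.
    case "$cert$key" in
        *" "*|*"$NL"*) echo complex; return 0 ;;
    esac
    if [ -e "${2:-}$cert" ] && [ -e "${2:-}$key" ]; then
        echo keep        # both present: leave them alone
    else
        echo generate    # at least one missing
    fi
}

# Constructed demo: a scratch tree and a sample config, not real system files.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssl/certs" "$d/etc/ssl/private"
    : > "$d/sample.conf"                  # default config, no ssl_* lines
    echo "new install:  $(cert_action "$d/sample.conf" "$d")"
    : > "$d$DEFAULT_CERT"; : > "$d$DEFAULT_KEY"
    echo "update:       $(cert_action "$d/sample.conf" "$d")"
    printf 'ssl_cert_file = /a.pem /b.pem\n' > "$d/sample.conf"
    echo "multi-value:  $(cert_action "$d/sample.conf" "$d")"
    rm -rf "$d"
}
demo
```

A value with trailing whitespace is also reported as complex, which errs on the side of not touching anything.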

